Project

General

Profile

Actions

Feature #33071

open

Prevent accidental deletion of contents with sudo mode

Added by Go MAEDA about 4 years ago. Updated about 3 years ago.

Status:
Reopened
Priority:
Normal
Assignee:
Category:
UI
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Fixed

Description

The attached patch adds protection against deletion of contents such as issues, wiki pages, and attachments by expanding operations covered by sudo mode that has been added in Redmine 3.1 (#19851).

Users sometimes mistakenly delete contents like issues. I think it is because deleting contents is so easy if they have appropriate permissions.

I think such accidents can be reduced with sudo mode. If sudo mode guards deletion of contents as well by requiring re-entering a password, users can have an opportunity to reconsider the operation.

Step 1: the user see "Are you sure?" dialog after clicking "Delete" button. Not a few users press OK without thinking.

Step 2: if sudo mode is enabled in configuration.yml and the attached patch is applied, Redmine requires user to re-enter their password before performing deletion. The user may notice that they are doing a daingerous operation.


Files


Related issues

Related to Redmine - Feature #2893: Add a view to confirm issue deletionReopened2009-03-04

Actions
Related to Redmine - Feature #34417: Require explicit confirmation when deleting a user or a projectClosedGo MAEDA

Actions
Actions #1

Updated by Go MAEDA about 4 years ago

  • Related to Feature #2893: Add a view to confirm issue deletion added
Actions #2

Updated by Go MAEDA about 4 years ago

Added tests to the patch.

Actions #3

Updated by Go MAEDA about 4 years ago

  • Target version changed from Candidate for next major release to 4.2.0

Setting the target version to 4.2.0.

Actions #4

Updated by Marius BĂLTEANU about 4 years ago

The instances without sudo mode enabled won't be able to use this feature, right?

Actions #5

Updated by Go MAEDA about 4 years ago

Marius BALTEANU wrote:

The instances without sudo mode enabled won't be able to use this feature, right?

Yes, that is right. The patch extends sudo mode, so there is no change in behavior on Redmine instances without sudo mode enabled.

Actions #6

Updated by Go MAEDA about 4 years ago

  • Status changed from New to Closed
  • Assignee set to Go MAEDA
  • Resolution set to Fixed

Committed the patch.

Actions #7

Updated by Marius BĂLTEANU about 4 years ago

Go MAEDA wrote:

Committed the patch.

Even if the patch is already committed, I think it's too much to require the password for delete actions and to have this feature only for the instances with sudo mode enabled. I think making the delete action harder, it's good idea. What I saw in the last period in many web applications (starting from cloud platforms to Github, Gitlab) it's a custom confirmation modal that requires a manual input like "yes" from the user in order to continue the action.

Also, in some cases like issue page, the delete button it's easily mismatch with the delete button from comment and what we can do there is to hide the button under actions dropdown.

I'm reopening this to take more feedback from the users, I don't think that such a change should go so quickly in the next release.

Actions #8

Updated by Marius BĂLTEANU about 4 years ago

  • Status changed from Closed to Reopened
Actions #9

Updated by Go MAEDA about 4 years ago

It will be nice if an alternative implementation is introduced before the release of 4.2.0.

But I believe that a mechanism to guard contents against such accidents is indispensable and the sudo mode works well until another mechanism is implemented. I will happily replace this if another patch is suggested.

Before that, I think the sudo mode is a good workaround. Probably not many instances enable sudo mode, the instances influenced by this extended sudo mode are limited. So, most users Redmine can delete contents as usual even after their instance is upgraded.

Actions #10

Updated by Miodrag Milic over 3 years ago

I support Go Maeda in this.

This happens so frequently (even to those like me that use Redmine daily for decade, due to that funky journal delete button being on wrong place) that its better to have current implementation then wait for something else. Is it really important what I type ? yes or password ?

This should eventually support bulk operation (not sure if it does now). It is very important for spammy plugins like service desks.

Actions #11

Updated by Marius BĂLTEANU over 3 years ago

  • Related to Feature #34417: Require explicit confirmation when deleting a user or a project added
Actions #12

Updated by Marius BĂLTEANU over 3 years ago

  • Target version changed from 4.2.0 to Candidate for next major release

We can use the implementation proposed in #33071 to have this ticket done.

Actions #13

Updated by Go MAEDA over 3 years ago

Marius BALTEANU wrote:

We can use the implementation proposed in #33071 to have this ticket done.

Indeed. It is a nicer solution.

Actions #14

Updated by Jens Krämer about 3 years ago

We had actually thought about doing something like this for issue deletion as well, but found it a bit too intrusive in the end.

Few things I just thought about:

- we could use an overlay for the confirmation dialog instead of leading to another page. This would simply replace the 'Are you sure' alert that exists in many cases with something more meaningful, without distracting too much.
- for issues or other 'less important' entities, give the user an option to turn off the confirmation requirement until the end of the day. This would relieve people doing 'cleanup' style tasks from having to confirm each and every action.
- entering 'yes' (in case of bulk delete) or the issue id should be sufficient (I would not want to use the password for this kind of confirmation).

Actions

Also available in: Atom PDF